In What Could Be a Trend, Ransomware Operation Files SEC Complaint Against Victim for Failing to Timely Disclose Cyberattack
Tuesday, November 28, 2023
Dr. Ilia Kolochenko, chief architect at ImmuniWeb and an adjunct professor of cybersecurity and cyber law at Capitol Technology University, told Law.com in an email that the increase in SEC filings by threat actors was expected due to the SEC's recent adoption of rules requiring companies to report attacks that could influence investment decisions.
“Misuse of the new SEC rules to put additional pressure on publicly traded companies was foreseeable; moreover, ransomware actors will likely start filing complaints with other U.S. and EU regulatory agencies when the victims fail to disclose a breach within the time frame provided by law,” he said.
However, Kolochenko said that because of the expected influx of complaints, regulatory agencies should be extra diligent in filtering out faulty ones, making sure they are backed up by hard evidence.
“Having said that, not all security incidents are data breaches, and not all data breaches are reportable data breaches,” he added. “Therefore, regulatory agencies and authorities should carefully scrutinize such reports and probably even establish a new rule to ignore reports uncorroborated with trustworthy evidence, otherwise, exaggerated or even completely false complaints will flood their systems with noise and paralyze their work.”
Kolochenko explained the importance of being prepared for breaches and its potential to protect millions of consumers’ data.
“Victims of data breaches should urgently consider revising their digital forensics and incident response strategies by inviting corporate jurists and external law firms specialized in cybersecurity to participate in the creation, testing, management and continuous improvement of their DFIR plan,” he said.
“Many large organizations still have only technical people managing the entire process, eventually triggering such undesirable events as criminal prosecution of CISOs and a broad spectrum of legal ramifications for the entire organization. Transparent, well-thought-out and timely response to a data breach can save millions,” he said.